gitolite配置-连接错误_Git_Gitolite_Ssh Keys

gitolite配置-连接错误

git

gitolite配置-连接错误,git,gitolite,ssh-keys,Git,Gitolite,Ssh Keys,我想将gitolite用于服务器上的git文件夹。我搜索了很多有教程的博客，但没有找到一些与服务器连接正确的例子因此，我添加了一个新用户gitolite，并创建了home目录/home/gitolite。我将gitolite安装到/home/gitolite/bin，并使用ssh密钥进行了安装在我的PC上，我成功克隆了gitolite admin，并生成了新的ssh密钥（test，test.pub），它们保存在.ssh/： honza@honza-sg:~$ ls .ssh/t* .ssh/

我想将gitolite用于服务器上的git文件夹。我搜索了很多有教程的博客，但没有找到一些与服务器连接正确的例子

因此，我添加了一个新用户gitolite，并创建了home目录/home/gitolite。我将gitolite安装到/home/gitolite/bin，并使用ssh密钥进行了安装

在我的PC上，我成功克隆了gitolite admin，并生成了新的ssh密钥（test，test.pub），它们保存在.ssh/：

honza@honza-sg:~$ ls .ssh/t*
.ssh/test  .ssh/test.pub

下一步：将“test.pub”复制到keydir并修改gitolite.conf：

honza@honza-sg:~$ ls -l gitolite-admin/keydir/
-rw-rw-r-- 1 honza honza 396 bře 18 16:46 gitolite.pub
-rw-r--r-- 1 honza honza 396 bře 18 20:39 test.pub

honza@honza-sg:~$ cat gitolite-admin/conf/gitolite.conf 
repo gitolite-admin
    RW+     =   gitolite

repo work
    RW+     =   test

我将此更改推送到服务器：

honza@honza-sg:~/gitolite-admin$ git add .
honza@honza-sg:~/gitolite-admin$ git commit -m 'add test user'
[master bff8df5] add test user
 2 files changed, 2 insertions(+), 10 deletions(-)
 create mode 100644 keydir/test.pub
honza@honza-sg:~/gitolite-admin$ git push
Counting objects: 10, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (6/6), 774 bytes, done.
Total 6 (delta 1), reused 0 (delta 0)
remote: Initialized empty Git repository in /home/gitolite/repositories/work.git/
To gitbox:gitolite-admin
   3102ec2..bff8df5  master -> master

我想，这是一个正确的程序。现在，我需要克隆新的git存储库。在.ssh/config中，我有以下内容：

honza@honza-sg:~$ cat .ssh/config 
Host gitbox
        User gitolite
        Hostname 192.168.1.10
        Port 22
        IdentityFile ~/.ssh/gitolite
Host gittest
        User test
        Hostname 192.168.1.10
        Port 22
        IdentityFile ~/.ssh/test

和克隆命令：

honza@honza-sg:~/temp$ git clone gittest:work

问题在于：

Cloning into 'work'...
test@192.168.1.10's password: 
Permission denied, please try again.
test@192.168.1.10's password: 
Permission denied, please try again.
test@192.168.1.10's password: 
Permission denied (publickey,password).
fatal: The remote end hung up unexpectedly

为什么它要我输入密码？当我生成密钥时，我没有插入密码（我只按了两次“回车”）

谢谢你的帮助，我的英语很抱歉：）

编辑：

ssh-vvvT测试：

honza@honza-sg:~/temp$ ssh -vvvT gittest
OpenSSH_6.0p1 Debian-3ubuntu1, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /home/honza/.ssh/config
debug1: /home/honza/.ssh/config line 6: Applying options for gittest
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.10 [192.168.1.10] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/honza/.ssh/test" as a RSA1 public key
debug1: identity file /home/honza/.ssh/test type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/honza/.ssh/test-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-3ubuntu1
debug1: match: OpenSSH_6.0p1 Debian-3ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "192.168.1.10" from file "/home/honza/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/honza/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA d6:32:05:31:ea:3a:30:45:31:99:ca:90:b3:53:cb:75
debug3: load_hostkeys: loading entries for host "192.168.1.10" from file "/home/honza/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/honza/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug1: Host '192.168.1.10' is known and matches the ECDSA host key.
debug1: Found key in /home/honza/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/honza/.ssh/test (0x7fa857d08e60)
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/honza/.ssh/test
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
test@192.168.1.10's password:

您可以检查ssh-vT gittest的结果，以了解它为什么要请求密码。
请参阅位于“”的调试会话示例

确保您的ssh密钥在

honza sg

和gitolite服务器

.ssh

目录上都有正确的保护。

请参阅“”：主要问题通常是

.ssh

或其任何父目录上的可写组。

您仍然需要使用gitolite用户进行登录。Gitolite将测试用户的密钥设置为授权密钥，它知道测试用户因此可以访问什么。因此：

Host gittest
        User test
        Hostname 192.168.1.10
        Port 22
        IdentityFile ~/.ssh/test

应该是这样的：

Host gittest
        User gitolite
        Hostname 192.168.1.10
        Port 22
        IdentityFile ~/.ssh/test

.... dbg1:ssh\u ecdsa\u验证：签名正确dbg1:SSH2\u MSG\u发送的新密钥dbg1:需要SSH2\u MSG\u发送的新密钥dbg1:SSH2\u MSG\u接收的新密钥dbg1:服务器不允许漫游dbg1:SSH2\u MSG\u服务请求发送的dbg1:SSH2\u MSG\u服务接收的dbg1:可以继续的身份验证：公钥，密码dbg1:下一个身份验证方法：公钥dbg1:提供RSA公钥：/home/honza/.ssh/test dbg1:可以继续的身份验证：公钥，密码dbg1:下一个身份验证方法：密码test@192.168.1.10的密码：@user2107985 ok，保护措施如何？server.ssh/和.ssh/authorized_密钥有700个client.ssh/和.ssh/test600@user2107985好的，您可以使用

ssh-vvvT gittest

的结果编辑您的问题，以便我和其他人仔细查看。@user2107985您是如何生成密钥的？请看一个例子。